VDB
CVE-2008-6998
CVE-2008-6998
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link.
EPSS 21.76% · 95.9th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
21.76%
95.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| chrome | 0.2.149.27 | |
| n/a | n/a | * |
Exploit Intelligence
- google-chrome-href-dos(44934) (circl)
- http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/gfx/url_elider.cc?r1=1774&r2=1797&pathrev=1797 (circl)
- google-chrome-urlelider-bo(45032) (circl)
- http://googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html (circl)
- 48264 (circl)
- http://shinnok.evonet.ro/vulns_html/chrome.html (vulncheck-nvd)
- http://www.securityfocus.com/bid/31034 (vulncheck-nvd)
- http://www.securityfocus.com/bid/31071 (vulncheck-nvd)
- 6372 (cve.org)
Timeline
- Aug 18, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Apr 11, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- google-chrome-href-dos(44934) vdb
- http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/gfx/url_elider.cc?r1=1774&r2=1797&pathrev=1797 url
- google-chrome-urlelider-bo(45032) vdb
- 31034 vdb
- http://googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html url
- 6372 exploit
- 48264 vdb
- http://shinnok.evonet.ro/vulns_html/chrome.html url
- 31071 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2008-6998 advisory